Nagios - Attribute based authorization

Vágó Tibor oreggin at niif.hu
Tue Nov 2 16:21:39 CET 2010

Previous message: AUTO: Steffen Nagel ist außer Haus. (Rückkehr am 03.11.2010)
Next message: Nagios - Attribute based authorization
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Dear List,

is there any news, comments in this topic?

Cheers,
Tibor


2010-10-18 11:05 keltezéssel, Vágó Tibor írta:
> Dear List,
>
> the development of this feature has been finished and it had been
> tested in 99% of possible cases. The patch is attached to this e-mail.
> As you can see we work with nagios version 3.2.1.
>
> Kind Regards,
> Tibor Vago
>
>
> 2010-05-21 17:06, Vago Tibor wrote:
>> Dear Andreas,
>>
>> Thansk for the quick answer.
>> We will start the development for this feature and send patch(es) to
>> the ND list.
>>
>> Kind regards,
>> Tibor
>>
>>
>> 2010-05-19 12:15 keltezéssel, Andreas Ericsson írta:
>>> On 05/19/2010 11:03 AM, Vágó Tibor wrote:
>>>> Dear Nagios devel-list,
>>>>
>>>> We would like to use attribute based authority checking in Nagios.
>>>> We use authentication but not SSL-based.
>>>>
>>>> Our conception is (based nagios-version-3.2.1) the following:
>>>>
>>>> *Step1*
>>>> cgi/status.c:
>>>> -------------------------------------------------
>>>> //line136:
>>>> authdata current_authdata;
>>>>
>>>> //line244:
>>>> get_authentication_information(&current_authdata);
>>>>
>>>> Add some char variables to authdata structure.
>>>>
>>>> include/cgiauth.h
>>>> -------------------------------------------------
>>>> typedef struct authdata_struct{
>>>> char *username;
>>>> int authorized_for_all_hosts;
>>>> int authorized_for_all_host_commands;
>>>> int authorized_for_all_services;
>>>> int authorized_for_all_service_commands;
>>>> int authorized_for_system_information;
>>>> int authorized_for_system_commands;
>>>> int authorized_for_configuration_information;
>>>> int authorized_for_read_only;
>>>> int authenticated;
>>>> //TODO
>>>> char **host_allow_to_see;
>>>> char **service_allow_to_see;
>>>> ...
>>>> }authdata;
>>>>
>>>>
>>>>
>>>>
>>>> *Step2*
>>>> cgi/cgiauth.c
>>>> -------------------------------------------------
>>>> line86 /* read in authorization override vars from config file... */
>>>> line87 if((thefile=mmap_fopen(get_cgi_config_location()))!=NULL){
>>>> ...
>>>> line95 if((input=mmap_fgets_multiline(thefile))==NULL)
>>>> line96 break;
>>>>
>>>> authinfo->username=""
>>>> authinfo->authenticated=FALSE
>>>> authinfo->authorized_for_all_hosts=FALSE;
>>>> authinfo->authorized_for_all_host_commands=FALSE;
>>>> authinfo->authorized_for_all_services=FALSE;
>>>> authinfo->authorized_for_all_service_commands=FALSE;
>>>> authinfo->authorized_for_system_information=FALSE;
>>>> authinfo->authorized_for_system_commands=FALSE;
>>>> authinfo->authorized_for_configuration_information=FALSE;
>>>> authinfo->authorized_for_read_only=FALSE;
>>>> // TODO:
>>>> // newlocal variable:
>>>> attribute_server_variable="entitlement";
>>>>
>>>>
>>>>
>>>> *Step3*
>>>> Check the CGI config file is it contains "attribute_server_variable".
>>>> If it not doesn't contain then we can return just like now.
>>>> If it contains then read its value otherwise the default value is
>>>> "entitlement".
>>>> Then split value about ";" and put that pieces into an array.
>>>>
>>>> Now we can compare the attribute pieces of array from server variable
>>>> and attributes from CGI configs.
>>>> Theese compares will be placed in the following functions:
>>>>
>>>> int is_authorized_for_host(){...}
>>>> int is_authorized_for_service(){...}
>>>> ...
>>>> etc.
>>>>
>>>> Can anyone inform me if this feature is currently under
>>>> development or
>>>> already usable.
>>>
>>> It's not under development and it's definitely not already usable.
>>>
>>>> If not, we would like to add this feature to the
>>>> Nagios source code cooperate with the developer team. How can I send
>>>> patches or modification?
>>>>
>>>
>>> You can send patches in unified diff format to this list, where I, Ton
>>> or Ethan will pick them up and put them "somewhere" and evaluate them
>>> for a future release. Note that details about the patch may well be
>>> altered during the review process. If the patch is crap, we'll tell
>>> you
>>> so and give you details about what needs to be changed in order for it
>>> to be accepted.
>>>
>>> Since it's a change to the cgi's, no new major release has to be done.
>>>
>>
>


------------------------------------------------------------------------------
Nokia and AT&T present the 2010 Calling All Innovators-North America contest
Create new apps & games for the Nokia N8 for consumers in  U.S. and Canada
$10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing
Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store 
http://p.sf.net/sfu/nokia-dev2dev
_______________________________________________
Nagios-devel mailing list
Nagios-devel at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-devel

Previous message: AUTO: Steffen Nagel ist außer Haus. (Rückkehr am 03.11.2010)
Next message: Nagios - Attribute based authorization
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Developers mailing list